A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS,
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION.

DETAILED ACTION

1. The amendment filed 28 June 2007 has been noted and made of record.

2. Claims 1-9 have been cancelled as per Applicant's request.

3. Claims 10-22 have been presented for examination.

Response to Arguments 

4. Applicant's arguments, see page 6, filed 28 June 2007, with respect to the specification 
have been fully considered and are persuasive. The objection of specification has been 
withdrawn. 

5. Applicant's amendments, filed 28 June 2007, with respect to the independent claims 10 
and 15 have been fully considered and are persuasive. The 35 U.S.C. 112, 2nd rejection of
claims 10-22 has been withdrawn. 

6. Applicant's arguments with respect to the prior art rejection of claims 10-22 have been 
considered but are moot in view of the new grounds of rejection. 

7. See further rejections that follow.

Claim Rejections - 35 USC § 102 

8. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

9. Claims 10, 11, 15-17 and 20 are rejected under 35 U.S.C. 102(b) as being anticipated by
U.S. Patent Application Publication No. 2003/0014662 A1 to Gupta et al., hereinafter Gupta.

10. As per claim 10, Gupta teaches a method for securing logical access to information
and/or computing resources in a group of computer equipment with minimum access delay, said 
group of computer equipment exchanging data with a computer telecommunication network via 
an access device comprising an operating system, and said data comprising transported data that 
conform to at least one application protocol, as well as transport data, said method comprising 
the steps of: 

defining a finite-state machine for each application protocol (Figures 2 [element 66], 5 
[block 66], 9 [block 64], paragraphs 0086, 0089, 0091, i.e. state machine for application layer 
protocols); 

modeling each finite-state machine in the form of a model (Figures 2 [element 67], 7, 10,
paragraphs 0107, 0109-0110);

generating from each model (Figures 2 [element 67], 7, 10, paragraphs 0107, 0109-0110),
an analysis module for each application protocol by means of an interpreter (Figures 9 [blocks 
63, 64], 12 [Fixed-field detector, Protocol Parsing State Machine], paragraphs 0089, 0091, 0092, 
i.e. protocol parser specifies the parsing of application layer protocols); and 

filtering (Figure 9 [blocks 54, 55], 12 [Attack Detector, Response Module], paragraph 
0104, i.e. protocol parser detects SSIDs and passes them to the attack detector) the transported 
data in said operating system by means of said analysis modules (Figures 9 [blocks 63, 64], 12 
[Fixed-field detector, Protocol Parsing State Machine], paragraphs 0089, 0091, 0092, i.e. 
protocol parser specifies the parsing of application layer protocols). 


11. Regarding claim 11, Gupta teaches the step of verifying the conformity of said
transported data with the application protocols involved by means of said analysis modules
(paragraphs 0083, 0085, 0093, 0103-0104, i.e. checking data locations, examining fields in the
packet header and fixed locations within the packet payload).

12. As per claim 15, Gupta teaches an access device for securing logical access to
information and/or computing resources in a group of computer equipment with minimum access 
delay, said group of computer equipment exchanging data with a computer telecommunication 
network via said access device, and said data comprising transported data that conform to at least 
one application protocol, as well as transport data, said access device comprising: 

an operating system (Figures 4A [Linux System], 16 [Windows, Solaris], paragraph 
0162) that includes an appropriate analysis module for each application protocol (Figures 9 
[blocks 63, 64], 12 [Fixed-field detector, Protocol Parsing State Machine], paragraphs 0089, 
0091, 0092, i.e. protocol parser specifies the parsing of application layer protocols); 

a filtering module for filtering (Figure 9 [blocks 54, 55], 12 [Attack Detector, Response 
Module]) said transported data in said operating system by means of said analysis modules 
(paragraph 0104, i.e. protocol parser detects SSIDs and passes them to the attack detector). 

13. Regarding claim 16, Gupta teaches wherein each analysis module (Figures 9 [blocks 63, 
64], 12 [Fixed-field detector, Protocol Parsing State Machine]) implements a finite-state machine 
representing a given application protocol (paragraphs 0089, 0091, i.e. protocol parser is 
implemented using a state machine to parse application layer protocols).

14. Regarding claim 17, Gupta teaches wherein said analysis modules (Figure 9 [blocks 63,
64]) comprises a first information processing module for verifying the conformity of said 
transported data with said application protocols involved (paragraphs 0083, 0085, 0093, 0103- 
0104, i.e. checking data locations, examining fields in the packet header and fixed locations 
within the packet payload). 

15. With regards to claim 20, Gupta teaches wherein said analysis modules (Figure 9 [blocks 
63, 64]) comprises a first information processing module for verifying the conformity of said 
transported data with said application protocols involved (paragraphs 0083, 0085, 0093, 0103- 
0104, i.e. checking data locations, examining fields in the packet header and fixed locations 
within the packet payload). 

Claim Rejections - 35 USC § 103 

16. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

17. Claims 12-14, 18, 19, 21, and 22 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Gupta in view of U.S. Patent No. 7,237,258 B1 to Pantuso et al., hereinafter
Pantuso. 

18. Regarding claims 12, 13, 13, 21, and 22, Gupta does not teach the step of restricting the 
capabilities offered by an application protocol by means of said analysis module.

19. Pantuso teaches the firewall restricting predetermined application level protocols, such as
e-mail and FTP applications (column 5, lines 44-54). 

20. It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to restrict the capabilities offered by an application protocol by means of said analysis
module, since Pantuso states at column 2, lines 47-57 that restricting the capabilities offered by 
application protocols provides a more secure environment for management purposes by granting 
more access to trusted applications. 

21. Concerning claims 14 and 19, Gupta teaches the step of parameterizing said analysis
modules in accordance with predetermined restrictions (paragraphs 0094, i.e. tokens).

22. Pantuso discloses a user configuring a firewall or filtering component (column 1, line 59
to column 2, line 5).

Conclusion 

23. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

24. The following patents are cited to further show the state of the art with respect to filtering 
application layer protocols using state machines, such as: 

United States Patent No. 6,349,405 B1 to Welfeld, which is cited to show classifying
packets using a state machine.

United States Patent No. 7,234,168 B2 to Gupta et al., which is cited to show a patent
related to the application that was used to reject the claims of the instant application.


Application/Control Number: 10/537,310
Art Unit: 2131

United States Patent Application Publication No. 2002/0010800 A1 to Riley, which is
cited to show a stateful multilayer firewall that filters packets at the application layer (i.e. 
paragraph 0070). 

25. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Christian La Forgia whose telephone number is (571) 272-3792. 
The examiner can normally be reached on Monday thru Thursday 7-5. 

26. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

27. Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

Christian LaForgia
Patent Examiner
Art Unit 2131



